solidity-detectors

Research on Vulnerability Detection Using Intermediate Representations of Solidity

https://github.com/coinfabrik/solidity-detectors

Science Score: 54.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
    2 of 149 committers (1.3%) from academic institutions
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (13.0%) to scientific vocabulary

Keywords

solidity vulnerability-detection

Keywords from Contributors

cryptocurrencies distributed pairings parallel networks meshes embedded lakehouse mpp olap
Last synced: 6 months ago

Repository

Research on Vulnerability Detection Using Intermediate Representations of Solidity

Basic Info
  • Host: GitHub
  • Owner: CoinFabrik
  • License: agpl-3.0
  • Language: Python
  • Default Branch: main
  • Homepage:
  • Size: 65.1 MB
Statistics
  • Stars: 0
  • Watchers: 4
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Topics
solidity vulnerability-detection
Created over 1 year ago · Last pushed about 1 year ago
Metadata Files
Readme Contributing License Citation Codeowners

README.md

Solidity Detectors: Static Analysis Tool

License: GPL v3

Solidity Detectors is an open source tool to assist Solidity developers and auditors in the detection of smart contract vulnerabilities. It modifies the Slither Static Analyzer by adding 3 new detectors and modifying an existing one.

Quick Start

Install Solidity Detectors

Solidity Detectors is built upon the Slither Static Analyzer, so installing Solidity Detectors requires installing Slither first.

Note
Slither requires Python 3.8+. If you're not going to use one of the supported compilation frameworks, you need solc, the Solidity compiler; we recommend using solc-select to conveniently switch between solc versions.

Use a Python Virtual Environment

It is recommended to use a Python virtual environment to prevent version conflicts. For more information on Python environments for Slither, you can consult the Developer Installation Instructions.

You will need to install virtualenv to create and manage your Python virtual environments.

```bash
pip install virtualenv
```

You should set up the virtual environment in the parent directory of Solidity Detectors or in any higher-level directory within the directory tree.

Navigate to the folder where you wish to create your virtual environment. It is advisable to create a project directory where you will create your virtual environment and clone Solidity Detectors. Then, create your environment with the following command:

```bash
python -m venv virtual-environment-name
```

Every time you wish to activate the virtual environment, you can run this command:

```bash
source virtual-environment-name/bin/activate
```

To deactivate the virtual environment, simply run:

```bash
deactivate
```

All the necessary installations to run Slither and Solidity Detectors will be managed from the virtual environment.

Use Git to clone the Solidity Detectors POC repository

Navigate to the project directory. Then, clone Solidity Detectors.

```bash
git clone https://github.com/crytic/slither.git && cd slither
python3 -m pip install .
```

Install and Use a solc Version

To analyze your smart contracts, you will need to install and use the necessary solc version. First, make sure that solc is installed.

```bash
npm install solc
```

Then, identify the solc version used by your contract and install it using the following commands.

```bash
solc-select install your-version
solc-select use your-version
```

Run Solidity Detectors POC

Once you've cloned the repository and installed the necessary dependencies to run Slither, you can start running the static analyzer on your smart contracts.

⚠️ Important
Solidity Detectors must be run from the root of the cloned solidity-detectors repository. Running the tool from another directory will either result in errors or, if a global version of Slither is installed, silently run that Slither without our Solidity Detectors.

You can run the tool on repositories and .sol files alike. Consider the following example for running the tool on a file by using the slither command:

```bash
python3 -m slither path/to/your/directory/or/file.sol
```

To analyze files that import dependencies, add the --solc-remaps parameter:

```bash
python3 -m slither path/to/your/directory/or/file.sol --solc-remaps "@dependencies=path/to/your/dependencies/@dependencies"
```
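Once the analyzer runs, a practitioner usually wants its findings in a form a CI job can act on. The following is an added example, not code from the solidity-detectors repository: it assumes Slither was run with its `--json` option (for example `python3 -m slither path/to/file.sol --json report.json`), reads the report, summarizes which detectors fired, and exits non-zero when any finding meets an impact and confidence threshold. The embedded sample report is constructed, not real analysis output.

```python
"""Gate a CI job on Slither's JSON report (added example, constructed sample)."""
import json
import sys
from collections import Counter

# Slither's impact/confidence labels, ordered so thresholds can be compared.
LEVELS = {"Informational": 0, "Optimization": 0, "Low": 1, "Medium": 2, "High": 3}


def load_findings(report_text):
    """Return the list of detector findings from a Slither JSON report."""
    report = json.loads(report_text)
    if not report.get("success", False):
        raise RuntimeError(f"slither failed: {report.get('error')}")
    return report.get("results", {}).get("detectors", [])


def summarize(findings):
    """Count findings per (impact, check) so reviewers see what fired."""
    return Counter((f["impact"], f["check"]) for f in findings)


def blocking(findings, min_impact="Medium", min_confidence="Medium"):
    """Findings at or above both thresholds; these should fail the build."""
    return [
        f for f in findings
        if LEVELS.get(f["impact"], 0) >= LEVELS[min_impact]
        and LEVELS.get(f["confidence"], 0) >= LEVELS[min_confidence]
    ]


# Constructed sample in the shape Slither emits; not output from a real run.
SAMPLE_REPORT = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256)"},
        {"check": "naming-convention", "impact": "Informational",
         "confidence": "High", "description": "Parameter _amt is not in mixedCase"},
        {"check": "timestamp", "impact": "Low", "confidence": "Medium",
         "description": "Vault.lock() uses block.timestamp"},
    ]},
})

if __name__ == "__main__":
    # Pass a report path to check a real run; otherwise the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    found = load_findings(text)
    for (impact, check), n in sorted(summarize(found).items()):
        print(f"{impact:<14}{check:<24}{n}")
    sys.exit(1 if blocking(found) else 0)
```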

About

This project is a public-private initiative between the Fundación Sadosky, the LAFHIS laboratory of the Faculty of Exact and Natural Sciences at the University of Buenos Aires (UBA), and CoinFabrik. While the LAFHIS laboratory researches cutting-edge techniques for vulnerability detection, CoinFabrik brings its extensive experience in the blockchain industry and the development of static analyzers. The support of Fundación Sadosky is key to advancing this research and development initiative.

License

This project is licensed and distributed under an AGPLv3 license. Contact us if you're looking for an exception to the terms.

Owner

  • Name: CoinFabrik
  • Login: CoinFabrik
  • Kind: organization
  • Location: Argentina

Citation (CITATION.cff)

cff-version: 1.2.0
title: Slither Analyzer
message: >-
  If you use this software, please cite it using the
  metadata from this file.
type: software
authors:
  - given-names: Josselin
    family-names: Feist
  - given-names: Gustavo
    family-names: Grieco
  - given-names: Alex
    family-names: Groce
identifiers:
  - type: doi
    value: 10.48550/arXiv.1908.09878
    description: arXiv.1908.09878
  - type: url
    value: 'https://arxiv.org/abs/1908.09878'
    description: arxiv
  - type: doi
    value: 10.1109/wetseb.2019.00008
repository-code: 'https://github.com/crytic/slither'
url: 'https://www.trailofbits.com/'
repository-artifact: 'https://github.com/crytic/slither/releases'
abstract: >-
  Slither is a static analysis framework designed to provide
  rich information about Ethereum smart contracts.

  It works by converting Solidity smart contracts into an
  intermediate representation called SlithIR.

  SlithIR uses Static Single Assignment (SSA) form and a
  reduced instruction set to ease implementation of analyses
  while preserving semantic information that would be lost
  in transforming Solidity to bytecode. 

  Slither allows for the application of commonly used
  program analysis techniques like dataflow and taint
  tracking.


  Our framework has four main use cases: 

  (1) automated detection of vulnerabilities,

  (2) automated detection of code optimization
  opportunities,

  (3) improvement of the user's understanding of the
  contracts, and

  (4) assistance with code review.  
keywords:
  - Ethereum
  - Static Analysis
  - Smart contracts
  - EVM
  - bug detection
  - Software Engineering
license: AGPL-3.0-only
commit: 3d4f934d3228f072b7df2c5e7252c64df4601bc8
version: 0.9.5
date-released: '2023-06-28'

GitHub Events

Total
  • Member event: 1
  • Push event: 2
Last Year
  • Member event: 1
  • Push event: 2

Committers

Last synced: 7 months ago

All Time
  • Total Commits: 3,248
  • Total Committers: 149
  • Avg Commits per committer: 21.799
  • Development Distribution Score (DDS): 0.539
Past Year
  • Commits: 27
  • Committers: 4
  • Avg Commits per committer: 6.75
  • Development Distribution Score (DDS): 0.37
Top Committers
Name Email Commits
Josselin j****n@t****m 1,497
alpharush 0****h@p****m 426
webthethird r****l@g****m 183
Simone s****a@t****m 113
David Pokora d****a@g****m 89
Emilio López e****z@t****m 81
rajeevgopalakrishna r****a@g****m 77
dependabot[bot] 4****] 41
Alexander Remie u****r@r****e 36
samczsun g****b@s****m 35
bohendo b****n@t****m 35
devtooligan d****n@t****v 33
ggrieco-tob g****o@t****m 33
Alexis a****e@t****m 25
Maximilian Krueger k****i@g****m 24
Dan Guido d****n@t****m 23
bart1e b****i@o****l 23
disconnect3d d****a@g****m 21
Tadashi t****o@g****m 20
Tigran Avagyan t****v@g****m 17
fpereira24 f****a@c****m 17
Vishnuram Rajkumar v****3@g****m 16
Boyan-MILANOV b****v@t****m 15
Omidiora Samuel 8****y 15
Pascal Marco Caversaccio p****o@h****h 15
William Aaron Cheung t****r@l****m 13
Judy Wu j****u@g****m 13
Jaime 2****s 12
S.Sidarth 3****6 12
0xGusMcCrae 0****e@p****m 11
and 119 more...

Issues and Pull Requests

Last synced: 7 months ago

All Time
  • Total issues: 0
  • Total pull requests: 8
  • Average time to close issues: N/A
  • Average time to close pull requests: 7 days
  • Total issue authors: 0
  • Total pull request authors: 2
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 7
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 8
  • Average time to close issues: N/A
  • Average time to close pull requests: 7 days
  • Issue authors: 0
  • Pull request authors: 2
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 7
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
  • Fransr24 (6)
  • maquirriaincf (2)
Top Labels
Issue Labels
Pull Request Labels